Who Do Spammers Bank With?

When F-Secure made some test purchases of items advertised through spam and carefully followed all the trails of the purchase they were surprised to determine that "almost all spam sales worldwide are handled by just three banks." The banks were DnB Nord [Norway], St. Kitts-Nevis-Anguilla National Bank and Azerigazbank [Azerbaijan].

DnB NOR responded to F-Secure (on Twitter!), stating: "We bought a bank this winter which had a customer engaged in spam activity. This company is no longer one of our customers."

But F-Secure's research is minor league compared to an academic paper they found: Click Trajectories: End-to-End Analysis of the Spam Value Chain by
15 researchers at UCSD, UC Berkeley, the International Computer Science Institute in Berkeley and the Budapest University of Technology and Economics. The paper examines the technological and economic structure of the spam world.

The figure below, borrowed from the paper, shows the infrastructure involved in a single URL's "value chain,"

It all starts with a botnet which is used to send out spam messages to all of us. By clicking on the links in the spam, the user involves domain registrars, hosting services, proxies, manufacturers and more parties in the transaction. Some of these are more innocent parties than the others. The paper finds that the overwhelming majority of spam is related to pharmaceuticals. But that's not the interesting part.

The interesting part is the point made by F-Secure:

...we provide the first strong evidence of payment bottlenecks in the spam value chain; 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.

The paper lists many more banks than F-Secure, although all 3 named by F-Secure are in their list of 14:

Wells Fargo is in there!

The list is based on what they found, so it's possible there is more that they missed, and they do make some assumptions to fill out the data. Read the paper for all the gritty details. The point of the research isn't just to count the parties involved, but to determine what techniques would be most effective in disrupting the infrastructure.

And, just for laughs, click here to read a warning about a phishing attack against customers of St. Kitts-Nevis-Anguilla National Bank.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service

//Stay Connected

Get Product Reviews, Deals, & the Latest News from PCMag

sign up

Plus, get a free copy of PCMag for your iPhone or iPad today.

Offer valid for new PCMag app downloads only. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy.

THANK YOU FOR SUBSCRIBING!

Please follow this link (or search for the PC Magazine app on your iPad or iPhone) to get your free issue. Offer valid for new app downloads.

//Featured Programs

//our current issue

Select Term:

24 issues for $29.99 ONLY $1.25 an issue! Lock in Your Savings!

12 issues for $19.99ONLY $1.67 an issue!

State

Country

This transaction is secure

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service